Skip to content
TrailSight
  • Problem
  • Detection
  • How it works
  • Findings
  • Request a Demo

Trust & Security

How TrailSight handles your data.

Last updated: July 5, 2026

TrailSight is a security product, and we hold ourselves to the standard we expect from the tools we buy. This page describes practices, not badges — how the product connects, what it can and cannot touch, and how your data is isolated, protected, and deleted.

How TrailSight connects

  • Agentless. Nothing is installed in your Salesforce org — no managed package, no Apex, no scheduled jobs.
  • OAuth with least privilege. TrailSight connects over OAuth with read-only access scoped to what analysis needs.
  • Read-only analysis. Nothing is written to your Salesforce org during analysis. Remediation, if you choose to use it, is an explicit, previewed, and audited action.

Credential handling

  • OAuth credentials and secrets are stored in a dedicated, secured secrets store.
  • Credentials are never stored in the product database or alongside customer data.

Isolation and access

  • Strict per-org isolation. Each connected org keeps its own data, findings, and triage history.
  • Least-privilege internal access. Role-based access controls govern who can see and do what, internally and in the console.

Data residency

  • Local and in-region analysis where applicable — analysis stays within your environment and region.
  • AI-assisted analysis respects regional processing constraints.

Encryption

  • All connections — to Salesforce and to the TrailSight console — are encrypted in transit (TLS).
  • Data at rest is encrypted where the underlying storage supports it.

Auditability

  • Durable triage history for every finding.
  • A full audit trail for every remediation action: who, what, when, and against which org.

Data lifecycle and deletion

  • Reversible disconnect. Stop collection for an org at any time without losing its history.
  • Irreversible erasure. A type-to-confirm, single-org erasure removes that org's data permanently.

Compliance posture

We do not currently claim SOC 2, ISO, or other certifications, and we won't imply otherwise. We are happy to complete security questionnaires, walk through our architecture, and share our practices in detail as part of your vendor review.

Reporting a vulnerability

If you believe you have found a security issue in TrailSight, email contactus@trailsight.io with "Security report" in the subject. We appreciate coordinated disclosure and will respond promptly.

Questions your security team wants answered before a demo? Ask us directly — honest answers about capabilities and limits are the point of the product. See also our Privacy Policy.

TrailSight

AI Agent Security for Salesforce.

Problem Detection How it works Findings Request a Demo
contactus@trailsight.io
Privacy Policy Trust & Security LinkedIn

© 2026 TrailSight. All rights reserved.